-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=============================================================================
FreeBSD-EN-09:04.fork                                           Errata Notice
                                                          The FreeBSD Project

Topic:		Deadlock in a multi-threaded program during fork(2)

Category:	core
Module:		libc
Announced:	2009-06-24
Credits:	Konstantin Belousov <kib@FreeBSD.org>,
		Max Brazhnikov <makc@FreeBSD.org>
Affects:	FreeBSD 7.2
Corrected:	2009-05-03 17:51:38 (RELENG_7, 7.2-STABLE)
		2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:http://security.freebsd.org/>.

I.	Background

fork(2) is a system call which causes creation of a new process.
FreeBSD supports invoking the malloc(3) function during the fork(2) in
a process running in threaded mode which involves locking of the memory
allocator.

II.	Problem Description

A lock order reversal has been found in the interaction between the
malloc(3) implementation and threading library.  When a multi-threaded
process calls the fork(2) system call in a thread and the malloc(3)
function in another thread it can cause a deadlock in the child
process.

III.	Impact

A multi-threaded program that calls fork(2) in a thread and malloc(3)
in another thread can make the child process stop unintentionally.
There is no direct impact on the other processes or the kernel.

IV.	Workaround

No workaround is available.

V.	Solution

Perform one of the following:

1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2
   security branch dated after the correction date.

2) To patch your present system:

The following patches have been verified to apply to FreeBSD 7.2 system.

a) Download the relevant patch from the location below, and verify the
   detached PGP signature using your PGP utility.

# fetch http://security.FreeBSD.org/patches/EN-09:04/fork.patch
# fetch http://security.FreeBSD.org/patches/EN-09:04/fork.patch.asc

b) Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/lib/libc
# make obj && make depend && make && make install

VI.	Correction details

The following list contains the revision numbers of each file that was
corrected in FreeBSD.

CVS:

Branch								 Revision
  Path
- -------------------------------------------------------------------------
RELENG_7
  src/lib/libc/stdlib/malloc.c					1.147.2.7
RELENG_7_2
  src/UPDATING                                             1.507.2.23.2.5
  src/sys/conf/newvers.sh                                   1.72.2.11.2.6
  src/lib/libc/stdlib/malloc.c                              1.147.2.6.2.2
- -------------------------------------------------------------------------

Subversion:

Branch/path                                                      Revision
- -------------------------------------------------------------------------
stable/7/                                                         r191767
releng/7.2/                                                       r194808
- -------------------------------------------------------------------------

VII.	References

The latest revision of this advisory is available at
http://security.FreeBSD.org/advisories/FreeBSD-EN-09:04.fork.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (FreeBSD)

iEYEARECAAYFAkpBvBsACgkQFdaIBMps37LnLQCeNw8Es9R9X8QySoZni2JQ9Kma
N+8An3Ff/bB4l3dvgfAa0rAA+TjbfQBV
=8YtE
-----END PGP SIGNATURE-----
